Re: gnutls & TLS1.1

From: Simon Josefsson
Subject: Re: gnutls & TLS1.1
Date: Thu, 31 Jan 2008 22:29:42 +0100

On 31 jan 2008, at 22.16, Matt Smith wrote:

> Hello Mr. Josefsson,
>   I was wondering if you could assist me.
>
> I am looking for a packet capture of a TLS1.1 session being established. I attempted to use tcpdump on my local system while connecting with your test server here:
>
> As the test page states, this connection was made using TLS1.0, so that's not exactly what I need.

You must use a client that supports TLS 1.1. The test server will negotiate TLS 1.1 if your client supports it. If you used a browser to access that page, chances are that your browser doesn't implement TLS 1.1. Try gnutls-cli from GnuTLS itself.

> I also attempted to download and install gnutls-2.3.0.tar.bz2, however, the README for that file says that it only supports SSLv3 and TLSv1.0 (although I suppose that the README has not yet been updated if this is the newest version of mod_gnutls).

Oops! I'll fix the README tomorrow; it is probably better if it doesn't say anything about version numbers at all.

> You wouldn't happen to have a pcap of a TLSv1.1 session being established, would you? Or, am I correct in thinking that gnutls2.3.0 should indeed support TLS1.1? Or, would it be possible to reconfigure the test server to only accept TLS1.1 (drastic, and the least desirable option)?

The test server and gnutls2.3.0 support TLSv1.1, so I don't think getting a pcap will be difficult for you. But if you can't get it to work, I'll see if I can produce a pcap file for you.
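
Added example, not part of the original message and not GnuTLS code: a way to confirm from captured bytes which version a session actually negotiated, by reading the version field of the ServerHello (0x0302 is TLS 1.1, 0x0301 is TLS 1.0). The function names are hypothetical, the sample records are constructed, and the hello is assumed to fit in a single TLS record.

```python
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
HELLO_TYPES = {1: "ClientHello", 2: "ServerHello"}


def parse_hello(record: bytes) -> dict:
    """Parse one TLS record that carries a complete ClientHello or ServerHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:                       # 0x16 = handshake content type
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if rec_len < 4 or len(body) < rec_len:
        raise ValueError("truncated record body")
    msg_type = body[0]
    msg_len = int.from_bytes(body[1:4], "big")
    msg = body[4:4 + msg_len]
    if msg_type not in HELLO_TYPES:
        raise ValueError("not a hello message")
    if msg_len < 35 or len(msg) < msg_len:  # version(2) + random(32) + sid_len(1)
        raise ValueError("truncated hello")
    hello_ver = struct.unpack("!H", msg[:2])[0]
    out = {"type": HELLO_TYPES[msg_type],
           "record_version": VERSIONS.get(rec_ver, hex(rec_ver)),
           "hello_version": VERSIONS.get(hello_ver, hex(hello_ver))}
    if msg_type == 2:                       # ServerHello also fixes the cipher suite
        off = 35 + msg[34]                  # skip the variable-length session id
        if len(msg) < off + 3:
            raise ValueError("truncated ServerHello")
        out["cipher_suite"] = struct.unpack("!H", msg[off:off + 2])[0]
    return out


def negotiated_tls11(server_hello_record: bytes) -> bool:
    """True only if the record is a ServerHello selecting TLS 1.1."""
    info = parse_hello(server_hello_record)
    return info["type"] == "ServerHello" and info["hello_version"] == "TLS 1.1"


def build_server_hello(version: int) -> bytes:
    """Constructed sample: zero random, empty session id, suite 0x002F, no compression."""
    msg = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!H", 0x002F) + b"\x00"
    hs = b"\x02" + len(msg).to_bytes(3, "big") + msg
    return struct.pack("!BHH", 0x16, version, len(hs)) + hs
```

The ClientHello only advertises the highest version the client supports; the ServerHello version is the one to check when judging whether a capture shows TLS 1.1.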


